- Ascension suffered a ransomware attack in May 2024
- The investigation into this attack has now been concluded
- Sensitive data of nearly 5.6 million people stolen
Hackers who attacked Ascension Island ransomware Successfully stole the entire treasure trove of sensitive customer information, including medical information, personal identification information, payment information, etc.
The US healthcare giant has now released new details about the ransomware attack and submitted a new form to the Maine Attorney General’s Office.
The cyber attack occurred on May 7 and 8, causing significant disruption to clinical operations. Employees were unable to access electronic health records and patient portals, and some facilities were forced to divert ambulances and suspend elective care.
Disrupting healthcare
The company said in the document that a total of 5,599,699 people were affected by the incident, adding in an update that the information obtained by the scammers included:
- Medical information (medical record number, date of service, lab test type or procedure code)
- Payment information (credit card information or bank account number)
- Insurance information (Medicaid/Medicare ID, policy number, or insurance claim)
- Government identification (Social Security number, tax identification number, driver’s license number, or passport number)
- and other personal information (date of birth or address).
While the attack appears massive, putting millions of people at risk of identity theft, wire fraud, phishing and social engineering attacks, Ascension remains positive.
“While patient data is involved, importantly, there is still no evidence that the data was obtained from our electronic health records (EHR) and other clinical systems, where our complete patient records are securely stored,” it said explain.
The company said it will now begin notifying affected individuals and expects the work to be completed within three weeks.
As of press time, no threat actor was responsible for the attack, and we don’t know if Ascension paid any ransom in exchange for data – although it did say the attack hurt its ability to recover from the previous fiscal year.